CVE-2024-31503: Dolibarr vulnerable to Cross-Site Request Forgery

April 17, 2024

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users’ session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

References

github.com/Dolibarr/dolibarr
github.com/advisories/GHSA-6ppg-rgrg-f573
github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.md
nvd.nist.gov/vuln/detail/CVE-2024-31503

Detect and mitigate CVE-2024-31503 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →